
Re: [syndication] Syndication of javascript: urls as a security window?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Bond <julian_bond@voidstar.com> writes:
<snip/>

> 
> Displaying the entire description as delivered is risky. But then it's no more
> risky than visiting web sites and viewing them. If nothing else it's desirable
> to clean up the data to avoid badly coded <table>s and such like from screwing
> around with your display.

My approach would be to only escape certain elements.  We only escape <b>, <i>,
etc.  If someone puts in a <table> their presentation will look like crap.  It
should be a description, not a whole HTML page :)

> The most annoying tag is <pre>. It does no real harm, but can make your
> display much too wide. One of the weblogs I was reading had a really wide
> piece of source code and it hung around in their RSS for much longer than my
> cache, so every couple of weeks it would turn up again. I think eventually, I
> just stopped reading that site.

can't blame you :)

Kevin

- -- 
Kevin A. Burton ( burton@apache.org, burton@openprivacy.org, burtonator@acm.org )
             Location - San Francisco, CA, Cell - 415.595.9965
        Jabber - burtonator@jabber.org,  Web - http://relativity.yi.org/

The humans won't stop there!  They'll make bigger boards with bigger nails and
so on.  Pretty soon they will make a board with a nail in it so big it will
destroy them all!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Get my public key at: http://relativity.yi.org/pgpkey.txt

iD8DBQE8gD0wAwM6xb2dfE0RAtKRAJoDpa+7NgQs7BZi5HixOjkrzDICGACfc1uY
1To83IkdxgBaWwkWrkLBp40=
=nXi3
-----END PGP SIGNATURE-----
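
One reading of the approach discussed in this message, as an added example that is not part of the original post: a short allowlist of inline tags passes through with attributes stripped, and all other markup (`<table>`, `<pre>`, links carrying `javascript:` URLs) is escaped so it shows as literal text. The tag list, the names and the sample string are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: the inline tags the aggregator lets through (not a list from the thread).
ALLOWED_TAGS = frozenset({"b", "i", "em", "strong"})
SAMPLE = '<b onclick="x()">new</b> <table><tr><td>post</td></tr></table>'  # constructed input


class DescriptionSanitizer(HTMLParser):
    """Re-emit allowlisted tags without attributes; escape all other markup to text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # allowlisted tags currently open, innermost last

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            # Attributes are dropped, so event handlers and javascript: URLs cannot ride along.
            self.out.append(f"<{tag}>")
            self.open_tags.append(tag)
        else:
            self.out.append(escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):
        self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            # Close inner tags first so the output stays well nested.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break
        else:
            self.out.append(escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize_description(raw):
    parser = DescriptionSanitizer()
    parser.feed(raw)
    parser.close()
    # Close anything the feed left open so it cannot restyle the rest of the page.
    while parser.open_tags:
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out)
```

Because the output is built only from fixed tag strings and escaped text, nothing from the feed reaches the page as markup unless its tag name is on the allowlist.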